email security?

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

email security?

Jim Byrnes-4
I run thunderbird on various flavors of Ubuntu in text mode.

Is there any risk in just opening a suspicious email using thunderbird
in Ubuntu?

If there is risk does using text mode mitigate it any?

Would opening it in print preview make it less risky?

Regards,  Jim


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: email security?

Peter Flynn
On 07/04/18 22:30, Jim wrote:
> I run thunderbird on various flavors of Ubuntu in text mode.
>
> Is there any risk in just opening a suspicious email using thunderbird
> in Ubuntu?

I don't know for sure, because I don't know what holes there are in
Thunderbird, so I avoid opening dodgy emails in it, even though I have
it set NOT to use HTML.

> If there is risk does using text mode mitigate it any?

It depends what you mean by text mode -- that is, what mail application?
If you use UCB Mail, I'd say zero risk, as there isn't any kind of API
that a virus could latch onto AFAIK. Probably the same applies to mutt,
elm, pine, etc.

> Would opening it in print preview make it less risky?

No, probably worse, as that will invoke PDF or other graphics libraries,
all of which have had known vulnerabilities.

Personally I just delete suspicious emails on arrival (those that
procmail hasn't already trashed).

It's very unlikely that anyone I deal with would send anything other
than plain text, and the few who might have to use O365 know better than
to send me HTML email or OLE embedded features.

Anyone genuinely trying to contact me for the first time, and sending a
message which looks suspicious, will just have to try another way.

If it might be really, really important, right-click the message and
pick Save As... and save it as a file somewhere. Then open it with a
plaintext editor (eg Emacs, vi, gedit, etc). You will at least be able
to see and examine all the headers for evidence of dodgy origins, and to
see if it contains plain text in the message body. If the entire message
looks like hexadecimal, with no readable text at all, then it's been
sent from a system that leaves no plaintext copy, which I would avoid.

///Peter


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: email security?

Doug McGarrett

On 04/07/2018 06:29 PM, Peter Flynn wrote:
On 07/04/18 22:30, Jim wrote:
I run thunderbird on various flavors of Ubuntu in text mode.

Is there any risk in just opening a suspicious email using thunderbird
in Ubuntu?
I don't know for sure, because I don't know what holes there are in
Thunderbird, so I avoid opening dodgy emails in it, even though I have
it set NOT to use HTML.

If there is risk does using text mode mitigate it any?
It depends what you mean by text mode -- that is, what mail application?
If you use UCB Mail, I'd say zero risk, as there isn't any kind of API
that a virus could latch onto AFAIK. Probably the same applies to mutt,
elm, pine, etc.

Would opening it in print preview make it less risky?
No, probably worse, as that will invoke PDF or other graphics libraries,
all of which have had known vulnerabilities.

Personally I just delete suspicious emails on arrival (those that
procmail hasn't already trashed).
One note here: Do not open any email that purports to come from any financial institution!
And it may be useful to forward it to abuse@(financial institution).com because many of those
financial institutions will attempt to track down and stop those emails. They are all phishing
expeditions!

--doug

It's very unlikely that anyone I deal with would send anything other
than plain text, and the few who might have to use O365 know better than
to send me HTML email or OLE embedded features.

Anyone genuinely trying to contact me for the first time, and sending a
message which looks suspicious, will just have to try another way.

If it might be really, really important, right-click the message and
pick Save As... and save it as a file somewhere. Then open it with a
plaintext editor (eg Emacs, vi, gedit, etc). You will at least be able
to see and examine all the headers for evidence of dodgy origins, and to
see if it contains plain text in the message body. If the entire message
looks like hexadecimal, with no readable text at all, then it's been
sent from a system that leaves no plaintext copy, which I would avoid.

///Peter




--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: email security?

Ralf Mardorf-2
On Sat, 07 Apr 2018 21:20:09 -0400, Doug wrote:
>One note here: Do not open any email that purports to come from any
>financial institution!
>And it may be useful to forward it to *abuse@(financial
>institution).com* because many of those
>financial institutions will attempt to track down and stop those
>emails. They are *all* phishing
>expeditions!

Actually I won an iPad, because I opened a mail from my house bank. You
don't need to worry about all those phishing mails. Opening a phishing
mail doesn't cause any harm at all, even not, if you open HTML mails
with faked links, just don't allow remote content to get opened and
before you click a link, take a look, at the status bar, it does show
the real link location. Your house bank never ever will ask you for a
PIN or TAN when getting in contact with you by an email.

On Sat, 7 Apr 2018 23:29:21 +0100, Peter Flynn wrote:
>> If there is risk does using text mode mitigate it any?  
>
>It depends what you mean by text mode -- that is, what mail
>application? If you use UCB Mail, I'd say zero risk, as there isn't
>any kind of API that a virus could latch onto AFAIK. Probably the same
>applies to mutt, elm, pine, etc.

1. Yes, text mode does mitigate the risk, what ever MUA you are using.

2. Indeed there always is a risk, but this risk applies to any API you
are using, even sandboxes/containers are not an absolute protection,
just keep in mind security wholes, such as Meltdown.

3. When using Linux, we are usually very good protected. For testing
purpose I used Linux installs, to open malicious attachments, non of
those attachments ever was able to corrupt an completely unprotected
Linux install.

It is possible to hack a Linux and quite often Linux servers get
hacked, but usually by other kinds of attacks, than by a Windows hacker
approach  of the "Britney_Spears_naked.jpg" email attachment kind.


--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: email security?

Colin Law
In reply to this post by Doug McGarrett
On 8 April 2018 at 02:20, Doug <[hidden email]> wrote:
> ...
> One note here: Do not open any email that purports to come from any
> financial institution!
> And it may be useful to forward it to abuse@(financial institution).com
> because many of those
> financial institutions will attempt to track down and stop those emails.
> They are all phishing
> expeditions!

Not correct. I get emails from several of the financial institutions I
have accounts with.

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Reply | Threaded
Open this post in threaded view
|

Re: email security?

Jim Byrnes-4
In reply to this post by Peter Flynn
On 04/07/2018 05:29 PM, Peter Flynn wrote:

> On 07/04/18 22:30, Jim wrote:
>> I run thunderbird on various flavors of Ubuntu in text mode.
>>
>> Is there any risk in just opening a suspicious email using thunderbird
>> in Ubuntu?
>
> I don't know for sure, because I don't know what holes there are in
> Thunderbird, so I avoid opening dodgy emails in it, even though I have
> it set NOT to use HTML.
>
>> If there is risk does using text mode mitigate it any?
>
> It depends what you mean by text mode -- that is, what mail application?
> If you use UCB Mail, I'd say zero risk, as there isn't any kind of API
> that a virus could latch onto AFAIK. Probably the same applies to mutt,
> elm, pine, etc.
>
>> Would opening it in print preview make it less risky?
>
> No, probably worse, as that will invoke PDF or other graphics libraries,
> all of which have had known vulnerabilities.
>
> Personally I just delete suspicious emails on arrival (those that
> procmail hasn't already trashed).
>
> It's very unlikely that anyone I deal with would send anything other
> than plain text, and the few who might have to use O365 know better than
> to send me HTML email or OLE embedded features.
>
> Anyone genuinely trying to contact me for the first time, and sending a
> message which looks suspicious, will just have to try another way.
>
> If it might be really, really important, right-click the message and
> pick Save As... and save it as a file somewhere. Then open it with a
> plaintext editor (eg Emacs, vi, gedit, etc). You will at least be able
> to see and examine all the headers for evidence of dodgy origins, and to
> see if it contains plain text in the message body. If the entire message
> looks like hexadecimal, with no readable text at all, then it's been
> sent from a system that leaves no plaintext copy, which I would avoid.
>
> ///Peter
>
>
Thanks to Peter and everyone else that responded.  I never click on
links I am not sure of and have been looking for a good  way to check
out questionable emails that had a chance of being legit. Save as seems
to fill that need.

Regards,  Jim




--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users